| Age | Commit message (Collapse) | Author |
|---|
|
Backport https://sqlite.org/src/info/0e4e7a05c4204b47
(From OE-Core rev: 2a418c0a55d0d4e9a70a41c9a7cfea97ec0edee9)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Fix CVE-2021-20223 for sqlite3
Link: https://github.com/sqlite/sqlite/commit/d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b.patch
(From OE-Core rev: b42ea2b7f9149f9066662e95fd0159d7c3d1fc84)
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add patch file to fix CVE-2020-35527
Reference:
http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz
(From OE-Core rev: 2541fd0d0e2c0919d80d6b0f6262cf2c50fe309b)
Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add patch to fix CVE-2020-35525
Reference:
http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz
(From OE-Core rev: ced472cf1d195a1a856d24240dbd6ee91140a347)
Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Source: https://www.sqlite.org/
MR: 120541
Type: Security Fix
Disposition: Backport from https://www.sqlite.org/src/info/aab790a16e1bdff7
ChangeID: cf6d0962be0d1f7d4a5019843da6349eb7f9acda
Description:
CVE-2022-35737 sqlite: assertion failure via query when compiled with -DSQLITE_ENABLE_STAT4.
(From OE-Core rev: 226f9458075061cb99d71bee737bafbe73469c22)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes: [YOCTO #13471]
(From OE-Core rev: 54e0df20665be8df9d8961d8c4e716e38104ba16)
Signed-off-by: Ida Delphine <idadelm@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6db24928d62aeb093a0e6da6619713eaca57a96f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
As per https://groups.google.com/g/sqlite-dev/c/U7OjAbZO6LA this issue
is believed to be either iOS specific, or fixed in 3.8.9.
(From OE-Core rev: c5bfb3e4680fb69b7ce793c57082354c12ce3f13)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry-picked from d11a2157befcfe40517140988dd26bf0ed7240b6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE: CVE-2020-13632
Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13632
(From OE-Core rev: 8d54034bb8e522f9827ec6422b32cbd4e5bf1346)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE: CVE-2020-13631
Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13631
(From OE-Core rev: 582f253d6781a006841a436a49c3f7fdddc5bb7b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE: CVE-2020-13630
Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13630
(From OE-Core rev: 5780879dec867bdb3c7eeeffb7a958a8b50188a4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE: CVE-2020-13435
Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13435
(From OE-Core rev: 4780662ebaba0931ac0084d40670d9be93c0da9b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE: CVE-2020-13434
Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13434
(From OE-Core rev: 0338c2eb099532eb3b9a9de038f6b1a757348513)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Source: sqlite.org
MR: 104526
Type: Security Fix
Disposition: Backport from https://www.sqlite.org/src/vinfo/10fa79d00f8091e5?diff=1
ChangeID: a1c012b8c8aecd4970f3ae16686bf25f2376f542
Description:
Affects sqlite < 3.32.3
Fixes CVE CVE-2020-15358
(From OE-Core rev: 8eb5fad746b716cba350c6cd6a30766534a90a28)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes CVE-2020-11655 and CVE-2020-11656
(From OE-Core rev: e63a38ca6ea95c0dbc79d5024c0cec31062d2e39)
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 6acb9746744536019d5c04ce482a873916aac99f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 621ea68239763ce8740731e745c5002c956d4c67)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix the following CVEs:
- CVE-2019-19244
- CVE-2019-19880
- CVE-2019-19923
- CVE-2019-19924
- CVE-2019-19925
- CVE-2019-19926
- CVE-2019-19959
- CVE-2019-20218
(From OE-Core rev: f3ebf3f8dd0b4d144db451a8fcb352762f7fbd75)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 81c7ac8a206f50d045d4cbeeb50e9b4e14c47259)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This was added in:
https://git.openembedded.org/openembedded-core/commit/?id=6a58e12d19c539deac9e90679a68438497a42fa4
but is no longer needed now pseudo doesn't use sqlite's static lib.
(From OE-Core rev: 5f614a24ed3b6e4da34beb9a3cede07004134503)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: a1b798c5b1c62921eb3439e9fe859f90258cba3b)
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Unless SQLITE_BYTEORDER is predefined, the code falls back to build
time huristics - which are not always correct (e.g. in sqlite 3.28.0
big-endian ARM is mis-detected).
(From OE-Core rev: c0fc43c228acd44499d9a1c257ec5e4cf42ed050)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The previous simplification:
https://git.openembedded.org/openembedded-core/commit/?id=604777acfc54d285f315b622bd147ed02d55d6fd
looked OK but didn't actually work as expected. The native and
nativesdk classes re-set CFLAGS after the += has been applied and
so any modifications made via += are lost. Use _append instead.
(From OE-Core rev: b02d83f7ffc72b96799a7964a90709eef02aa29d)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
sqlite3-native in particular was finding zlib from the host if zlib-devel
was installed. This could lead to races where pseudo-native may or may not
fail to build.
We don't need/use compressed page support with sqlite so disable the dependency
(it doesn't have a configure option so use a autoconf cache variable).
The target binaries were not previously building with zlib, so we will
leave the default being zlib turned off, while the host binaries were
building with it "occasionally", but not for anything at runtime.
(From OE-Core rev: 0af2c6af0d5c060666f7ee6f2ef428c1a414cb86)
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upgrade from sqlite3_3.28.0.bb to sqlite3_3.29.0.bb.
(From OE-Core rev: 184d574b35be9229c50331ad48c38cd444f53a60)
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 9be07e8c8eea8565df73405775ec2ffb60659118)
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 4ec161ea684b305b303f32e96ce23f472c82e1a1)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: eb12c672c8f9a0d85a38e84cf0f6aa000bb1cf9f)
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
For changes, see:
https://www.sqlite.org/releaselog/3_26_0.html
(From OE-Core rev: 8286e9d79dde1c951e92ac1c55bbf0b9798d9dbf)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Update SQLite3 from 3.25.2 to 3.25.3 to fix following issues:
* Disallow the use of window functions in the recursive part of a CTE.
* Fix the behavior of typeof() and length() on virtual tables.
* Strengthen defenses against deliberately corrupted database files.
* Fix a problem in the query planner that results when a row-value
expression is used with a PRIMARY KEY with redundant columns.
* Fix the query planner so that it works correctly for IS NOT NULL
operators in the ON clause of a LEFT JOIN with the
SQLITE_ENABLE_STAT4 compile-time option.
Also introduce PACKAGECONFIG tunables to enable/disable e.g. index
and search functions to allow shrinking the library for very small
targets.
(From OE-Core rev: d533ad9b93383a8d721b72b4030b112a3799d559)
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Update SQLite3 from 3.23.1 to 3.25.2 for UPSERT, window
functions and improved ALTER TABLE support.
For a detailed list of changes since 3.23.1, see
* https://www.sqlite.org/releaselog/3_25_2.html
* https://www.sqlite.org/releaselog/3_24_0.html
(From OE-Core rev: eea7b16e762ab971d2ccea728e0019304325aed7)
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
An earlier version of a change was merged from S. Lockwood-Childs
<sjl@vctlabs.com> which made the CFLAGS consistent across native,
nativesdk and target cases. This syncs with a later verison of the
patch to remove duplicate CFLAGS settings and simplify the recipe.
(From OE-Core rev: 604777acfc54d285f315b622bd147ed02d55d6fd)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Enable use of pread() and enable column metadata API for nativesdk builds.
This brings nativesdk in line with target and native builds.
(From OE-Core rev: 7c8b85e1c3d852975cd5961a297aa939bf4c7fe7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 6a90852e7e8fd6d17308d78966e700f17f567898)
Signed-off-by: Marko Peter <peter.marko@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
3.22.0 -> 3.23.0
Includes optimizations and fixes for issues detected by OSSFuzz
(From OE-Core rev: b478af4cd9c1cb0cab35b0160f7df3f31ca7358b)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Update SRC_URI for releases in 2018.
(From OE-Core rev: fff2409587e8a253c1f79a3d3c78907440402188)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove upstreamed patch:
1. sqlite3-fix-CVE-2017-13685.patch
(From OE-Core rev: 483711e676cd063a873179bdb2daedf56de0aa75)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The dump_callback function in SQLite 3.20.0 allows remote attackers to
cause a denial of service (EXC_BAD_ACCESS and application crash) via a
crafted file.
Backport patch to fix the issue. Some references:
https://sqlite.org/src/info/02f0f4c54f2819b3
http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html
(From OE-Core rev: 9b9f566d2042f2b393de88506d2da964bc4d17b0)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* Uprev from 3.19.3 to 3.2.0 for fixing CVE-2017-10989:
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3,
as used in GDAL and other products, mishandles undersized RTree blobs
in a crafted database, leading to a heap-based buffer over-read or
possibly unspecified other impact.
https://nvd.nist.gov/vuln/detail/CVE-2017-10989
* LIC_FILES_CHKSUM updated for below changes:
-** 2001 September 15
+** 2001-09-15
(From OE-Core rev: 95b802bfe74ac6a3f6dc05edb52c87ef90600f40)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It is used in NVD for CVE's like:
https://nvd.nist.gov/vuln/detail/CVE-2016-6153
(From OE-Core rev: cec6f26f4d2f16c9a58fac5a6344e3d43b36ed09)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
3.19.2 -> 3.19.3
Fixes a bug associated with auto_vacuum that can lead to database
corruption.
(From OE-Core rev: 2635067901c932888a998ea0fbb45f5d4d3c7c24)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bug fixes:
1. Fix a problem in REPLACE that can result in a corrupt database
containing two or more rows with the same rowid.
2. Fix a problem in PRAGMA integrity_check that was causing a subsequent
VACUUM to behave suboptimally.
3. Fix the PRAGMA foreign_key_check command so that it works correctly with
foreign keys on WITHOUT ROWID tables.
4. Disallow leading zeros in numeric constants in JSON.
5. Disallow control characters inside of strings in JSON.
6. Limit the depth of recursion for JSON objects and arrays in order to
avoid excess stack usage in the recursive descent parser.
7. Fix more bugs in the LEFT JOIN flattening optimization.
(From OE-Core rev: 3d4d025b1cc6668fd7baefa01ebb9664e805e83a)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 6949d865d3559fa37ff25de4b97c4460b42e0e9c)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
3.16.2 -> 3.17.0
* Approximately 25% better performance from the R-Tree extension.
* Other performance improvements. Uses about 6.5% fewer CPU cycles.
(From OE-Core rev: 2ecc3dc9cb11feb6804ec08d1b7b1470f01aadbe)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
3.15.2 -> 3.16.2
1. Updated the SRC_URI for releases in 2017
2. Removed the following revert patch as the fix is present in this release:
a) 0001-revert-ad601c7962-that-brings-2-increase-of-build-ti.patch
[YOCTO #10695]
(From OE-Core rev: 05317fe9f11565d40b84ad71300b39c990a53f6d)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 12b5e9943da5eece2641665cd091ef709c30214e)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Search made with the following regex: getVar ?\(( ?[^,()]*), True\)
(From OE-Core rev: 7c552996597faaee2fbee185b250c0ee30ea3b5f)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
pseudo links against this and uses PIC, so some toolchain combinations will
refuse to link against sqlite unless it is also PIC.
(From OE-Core rev: 6a58e12d19c539deac9e90679a68438497a42fa4)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upgrade sqlite3 from 3.14.1 to 3.15.1.
(From OE-Core rev: 60ed09794d038907b2e8ac188bb9b37cba7dfda5)
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It turns out this change between 3.12.2 and 3.13 introduces
a 2% increase of build time based on statistic data in
bz10367.
The added patch is forged by diffing the new sqlite3.c
generated from reverting the change in raw source of sqlite3
project, and then manually migrate the delta to a sqlite3.c
from the 3.14.1 tarball package because what recipes reference
is actually a generated C code (amalgamation) release package
and we cannot apply the real change to 3.14.1 cleanly due to
so many changes happened.
Fixes [YOCTO #10367]
(From OE-Core rev: dda0c80019b181a5e323a82d346f86c6fffb6756)
Signed-off-by: Jianxun Zhang <jianxun.zhang@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 6858df73073d32f6301b2302ae563670e32db134)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Vijay Anusuri
Sana Kazi
Virendra Thakur
Hitendra Prajapati
Meh Mbeh Ida Delphine
Steve Sakoman
Armin Kuster
Sakib Sajal
Anuj Mittal
Ross Burton
Richard Purdie
Zang Ruochen
Andre McCurdy
Jason Wessel
Oleksandr Kravchuk
Adrian Bunk
Jens Rehsack
S. Lockwood-Childs
Marko, Peter
Maxin B. John
Wenzong Fan
Mikko Rapeli
Joshua Lock
Huang Qiyu
Jianxun Zhang